2016 April Microsoft 70-417 New Questions and Answers Updated Today in Braindump2go.com.

QUESTION
Your network contains an Active Directory domain named contoso.com. The domain contains two domain controllers named DC1 and DC2. You install Windows Server 2012 R2 on a new computer named DC3. You need to manually configure DC3 as a domain controller. Which tool should you use?

Answer: B
Explanation:
When you try to DCpromo a Server 2012, you get this message:

QUESTION
Your network contains an Active Directory forest named contoso.com. All domain controllers currently run Windows Server 2008 R2. You plan to install a new domain controller named DC4 that runs Windows Server 2012 R2. The new domain controller will have the following configurations:
– Schema master
– Global catalog server
– DNS Server server role
– Active Directory Certificate Services server role
You need to identify which configurations cannot be fulfilled by using the Active Directory Installation Wizard. Which two configurations should you identify? (Each correct answer presents part of the solution. Choose two.)

Answer: BC
Explanation:
AD Installation Wizard will automatically install DNS and allows for the option to set it as a global catalog server. ADCS and schema must be done separately.

QUESTION
Your network contains an Active Directory forest. The forest contains two domains named contoso.com and corp.contoso.com. The forest contains four domain controllers. The domain controllers are configured as shown in the following table. All domain controllers are DNS servers. In the corp.contoso.com domain, you plan to deploy a new domain controller named DC5. You need to identify which domain controller must be online to ensure that DC5 can be promoted successfully to a domain controller. Which domain controller should you identify?

A. DC1
B. DC2
C. DC3
D. DC4

Answer: D
Explanation:
Relative ID (RID) Master: Allocates active and standby RID pools to replica domain controllers in the same domain (corp.contoso.com). Must be online for newly promoted domain controllers to obtain a local RID pool that is required to advertise or when existing domain controllers have to update their current or standby RID pool allocation.

The RID master is responsible for processing RID pool requests from all domain controllers in a particular domain. When a DC creates a security principal object such as a user or group, it attaches a unique Security ID (SID) to the object. This SID consists of a domain SID (the same for all SIDs created in a domain), and a relative ID (RID) that is unique for each security principal SID created in a domain. Each DC in a domain is allocated a pool of RIDs that it is allowed to assign to the security principals it creates. When a DC's allocated RID pool falls below a threshold, that DC issues a request for additional RIDs to the domain's RID master. The domain RID master responds to the request by retrieving RIDs from the domain's unallocated RID pool and assigns them to the pool of the requesting DC. At any one time, there can be only one domain controller acting as the RID master in the domain.

The Infrastructure Master – The purpose of this role is to ensure that cross-domain object references are correctly handled. For example, if you add a user from one domain to a security group from a different domain, the Infrastructure Master makes sure this is done properly. As you can guess however, if your Active Directory deployment has only a single domain, then the Infrastructure Master role does no work at all, and even in a multi-domain environment it is rarely used except when complex user administration tasks are performed, so the machine holding this role doesn't need to have much horsepower at all.

http://support.microsoft.com/kb/223346
http://en.wikipedia.org/wiki/Flexible_single_master_operation

QUESTION
Your network contains an Active Directory domain named Contoso.com. The domain contains two servers named server1 and server2 that run Windows Server 2012 R2. You create a security template named template1 by using the security template snap-in. You need to apply template1 to server2. Which tool should you use?

QUESTION
Your network contains a server named Server1 that runs Windows Server 2012 R2. Server1 has the Hyper-V server role installed. Server1 hosts four virtual machines named VM1, VM2, VM3, and VM4. Server1 is configured as shown in the following table. VM3 is used to test Applications. You need to prevent VM3 from synchronizing its clock to Server1. What should you configure?

Answer: I
Explanation:
Integration Services settings on virtual machines include services such as operating system shutdown, time synchronization, data exchange, heartbeat, and Backup (volume snapshot services). Thus you should disable the time synchronization using Integration Services.

QUESTION
Your network contains a server named Server1 that runs Windows Server 2012 R2. Server1 has the Hyper-V server role installed. Server1 hosts four virtual machines named VM1, VM2, VM3, and VM4. Server1 is configured as shown in the following table. You plan to schedule a complete backup of Server1 by using Windows Server Backup. You need to ensure that the state of VM1 is saved before the backup starts. What should you configure?

Answer: I
Explanation:
http://www.altaro.com/hyper-v/vss-crash-consistent-vs-Application-consistent-vss-backupspost-2-of-2/

Backup Operations in Hyper-V

No VSS Writer Available?

In some cases, you need an Application-consistent backup but there is no VSS writer available. One example of this is MySQL. Hyper-V backups of virtual machines containing MySQL will always result in either a crash-consistent or an image-level backup. For MySQL, the latter is probably acceptable as MySQL doesn't perpetually expand the log file. However, if you're using MySQL within a VSS-aware VM, then a Hyper-V-based backup tool is going to take a crash-consistent backup. MySQL (like any other database system) isn't always recoverable from a crash-consistent backup; even when recovery is possible, it may be painful. MySQL is just one example; any number of line-of-business Applications could tell a similar tale.

In the case of MySQL, one solution is to find a guest-level backup Application that is MySQL-aware and can back it up properly. For Applications for which no backup Application has a plug-in, you may need to have pre- and post-backup scripts that stop services or close Applications. If brief downtime is acceptable, you can disable the Backup item in Hyper-V Integration Services, thereby forcing Hyper-V to save the state of the VM during backup. This technique results in an image-level backup and can be used on any Application that doesn't have a VSS writer.

QUESTION
Your network contains an Active Directory domain named contoso.com. The domain contains servers named Server1 and Server2 that run Windows Server 2012 R2. Server1 has the IP Address Management (IPAM) Server feature installed. You install the IPAM client on Server2. You open Server Manager on Server2 as shown in the exhibit. (Click the Exhibit button.)

You need to manage IPAM from Server2. What should you do first?

A. On Server2, open Computer Management and connect to Server1.
B. On Server1, add the Server2 computer account to the IPAM ASM Administrators group.
C. On Server2, add Server1 to Server Manager.
D. On Server1, add the Server2 computer account to the IPAM MSM Administrators group.

Answer: C
Explanation:
In the exhibit, we can see that only one server is managed with Server Manager on Server2 (itself, as in a Server, Server Manager always contains at least the server itself):

So we can be sure that Server1 is not added to Server2's Server Manager console. So if we want to manage IPAM, we should add Server1 to Server2's Server Manager.

http://technet.microsoft.com/en-us/library/hh831622.aspx

Step-by-Step: Configure IPAM to Manage Your IP Address Space

IP Address Management (IPAM) in Windows Server 2012 is a framework for discovering, monitoring, managing and auditing IP address space on a corporate network. IPAM provides the following features:
– Automatic IP address infrastructure discovery
– Highly customizable IP address space display, reporting, and management
– Configuration change auditing for DHCP and IPAM services
– Monitoring and management of DHCP and DNS services
– IP address lease tracking
[…]

IPAM security groups

The following local IPAM security groups are created when you install IPAM.
– IPAM Users: Members of this group can view all information in server discovery, IP address space, and server management. They can view IPAM and DHCP server operational events, but cannot view IP address tracking information.
– IPAM MSM Administrators: IPAM multi-server management (MSM) administrators have IPAM Users privileges and can perform IPAM common management tasks and server management tasks.
– IPAM ASM Administrators: IPAM address space management (ASM) administrators have IPAM Users privileges and can perform IPAM common management tasks and IP address space tasks. (that's a user group, not a computer group)
– IPAM IP Audit Administrators: Members of this group have IPAM Users privileges and can perform IPAM common management tasks and can view IP address tracking information.
– IPAM Administrators: IPAM Administrators have the privileges to view all IPAM data and perform all IPAM tasks.

http://www.google.fr/url?sa=t&rct=j&q=&esrc=s&source=web&cd=2&cad=rja&ved=0CDwQFjAB&url=http%3A%2F%2Fdownload.microsoft.com%2Fdownload%2FF%2F6%2F9%2FF69BE7E8-3E99-4A4A-B1898AFADABC6216%2FUnderstand%2520and%2520Troubleshoot%2520IP%2520Address%2520Management%2520(IPAM)%2520in%2520Windows%2520Server%25208%2520Beta.docx&ei=5xXWUIzRAsaQhQeUz4GQCg&usg=AFQjCNGh5tHzxwcaU9vXDGmPUgtjfPvhnw&bvm=bv.1355534169,d.d2k
(download.microsoft.com)

Understand and Troubleshoot IP Address Management (IPAM) in Windows Server 8 Beta

If you are accessing the IPAM server remotely using Server Manager IPAM client RSAT, then you must be a member of the WinRMRemoteWMIUsers group on the IPAM server, in addition to being a member of the appropriate IPAM security group (or local Administrators group).

Installation Process – IPAM Client

Although the IPAM client feature is automatically installed on a Windows Server "8" Beta server, along with installation of the IPAM Server feature, this component can also be installed or uninstalled on its own. Click through the Add roles and features wizard screens to select Role or Feature Based Install and the target server. On the Select Features screen, select Remote Server Administration Tools -> Feature Administration Tools -> IP Address Management (IPAM) Client. Click Add Features when prompted.

In order for the IPAM client to connect to an IPAM server, you must ensure that the target IPAM server is added to the Server Manager purview using the Add Servers wizard launched from the Manage menu. If both IPAM client and IPAM server are running on the same server, then by default the IPAM UI connects to the local IPAM server instance.

QUESTION
Your network contains an Active Directory domain named contoso.com. The domain contains a domain controller named DC1 and a member server named Server1. Server1 has the IP Address Management (IPAM) Server feature installed. On DC1, you configure Windows Firewall to allow all of the necessary inbound ports for IPAM. On Server1, you open Server Manager as shown in the exhibit. (Click the Exhibit button.) You need to ensure that you can use IPAM on Server1 to manage DNS on DC1. What should you do?

Answer: C
Explanation:
The exhibit shows (in the details tab) that firewall rules are OK for DNS management (DNS RPC Access Status Unblocked). But it shows too that Event log Access Status is blocked (which by the way blocks the IPAM Access Status) => We should solve this by adding the Server1 computer account to the Event Log Readers group.

Understand and Troubleshoot IP Address Management (IPAM) in Windows Server 8 Beta (download.microsoft.com)

IPAM Access Monitoring

IPAM Access Settings

Manual provisioning
For manual provisioning, ensure that the required access settings are appropriately configured on the target server manually.

Verify Access
Verify that IPAM access status is listed as unblocked indicating that manual or GPO based provisioning is successfully complete. For the IPAM access status value to be allowed, all of the access sub-states shown in the details pane should be marked as allowed. These access states are:
– DNS RPC access status
– DHCP RPC access status
– Event log access status
– DHCP audit share access status
[…]

Troubleshooting Access Issues
If any of the access sub-states for managed server roles is showing in the Blocked state, check that the corresponding setting is enabled on the target server. For details of access setting to sub-state mapping refer to the IPAM Access Monitoring section in this guide. For GPO based provisioning, the GPResult command line tool can be used to troubleshoot group policy update issues. The provisioning task setup by IPAM DHCP and DNS GPOs creates a troubleshooting log in the location %windir%\temp named IpamDhcpLog.txt and IpamDnsLog.txt respectively.

http://social.technet.microsoft.com/Forums/en-US/winserver8gen/thread/c882c077-61bd45f6-ab47-735bd728d3bc/

IPAM – Unblock access to a DC?

The process to manually (not GPO based) unblock a DNS/DC server is:
1. Enable DNS RPC access by enabling the following inbound Firewall rules:
   a) DNS Service (RPC)
   b) DNS Service (RPC Endpoint Mapper)
2. Enable remote management access by enabling the following inbound Firewall rules:
   a) Remote Service Management (RPC)
   b) Remote Service Management (RPC-EPMAP)
3. Enable Remote Event Log Management RPC access by enabling the following inbound Firewall rules:
   a) Remote Event Log Management (RPC)
   b) Remote Event Log Management (RPC-EPMAP)
4. Add the IPAM machine acct to the Event Log Readers domain security group. See the example below.

This view is from Active Directory Users and Computers \ contoso.com \ Builtin \ Event Log Readers:

Also, there should be a Details tab at the bottom that summarizes whether or not the correct firewall ports and the Event Log Access status are unblocked.

QUESTION
Hotspot Question
Your network contains an Active Directory domain named contoso.com. The domain contains two servers named Server1 and Server2. Both servers have the IP Address Management (IPAM) Server feature installed. You have a support technician named Tech1. Tech1 is a member of the IPAM Administrators group on Server1 and Server2. You need to ensure that Tech1 can use Server Manager on Server1 to manage IPAM on Server2. To which group on Server2 should you add Tech1? To answer, select the appropriate group in the answer area.

Answer:

QUESTION
Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server1 that runs Windows Server 2012 R2. Server1 has the IP Address Management (IPAM) Server feature installed. IPAM is configured currently for Group Policy-based provisioning. You need to change the IPAM provisioning method on Server1. What should you do?

A. Run the ipamgc.exe command.
B. Run the Set-IPAMConfiguration cmdlet.
C. Reinstall the IP Address Management (IPAM) Server feature.
D. Delete IPAM Group Policy objects (GPOs) from the domain.

Answer: C
Explanation:
You cannot change the provisioning method after completing the initial setup. When you install IPAM and configure either manual OR GPO, you receive the same message about not being able to change the provisioning method. As a matter of fact, I set it up in my lab and configured it as GPO. Here is a copy/paste of the message that is presently on the IPAM home page in server manager:
“The access configuration mode cannot be modified after completing the IPAM provisioning wizard”
Also, the help console in IPAM displays this when searching about provisioning methods:
“The managed server provisioning method cannot be changed after you complete the IPAM provisioning wizard.”